General
- Target: INVOICEKOMB20220001-03-10-22.pdf.exe
- Size: 1.2MB
- Sample: 221004-gqwa1sehcj
- MD5: cbe324036a077d5b84d4c22788ff0027
- SHA1: 5526abc6eb697c083d3071bd5b6cf8fb67f617af
- SHA256: 67e6fd61e128d5649045a4fc55fc6c287722b5c92e65eef35ce0838d6210d901
- SHA512: dd81a4fb9c160d96c9443e0e310c203f79573a71c54d404a0ada191d2d6224f440c899482df8d06a1ea871a98ae3e9c3e40d606b127be33478ed1d8afb955896
- SSDEEP: 24576:0AOcZ2i7W4sb3Vm6XYbh1GIoQHXehUcztVqEubl83o9Zkbg5:iv5EKhQOKWfqEUU2ZkM
Static task: static1
Behavioral task: behavioral1
- Sample: INVOICEKOMB20220001-03-10-22.pdf.exe
- Resource: win7-20220812-en
Malware Config
Extracted: formbook
- Version: 4.1
- Campaign ID: mh76
- Configured domains (Formbook configs mix decoy domains with the live C2, so treat each entry as an indicator to alert on rather than a confirmed C2 server):
healthgovcalottery.net
wenxinliao.com
rooterphd.com
bbobbo.one
american-mes-de-dezembro.xyz
mintager.com
thespecialtstore.com
wemakegreenhomes.com
occurandmental.xyz
fidelityrealtytitle.com
numerisat.asia
wearestallions.com
supxl.com
rajacumi.com
renaziv.online
blixtindustries.com
fjljq.com
exploretrivenicamping.com
authenticusspa.com
uucloud.press
conclaveraleighapts.com
moqaq.com
graphicressie.com
homebest.online
yisaco.com
thedrybonesareawakening.com
browardhomeappraisal.com
xn--agroisleos-09a.com
clinchrecovery.com
rekoladev.com
mlbl1.xyz
tunecaring.com
avconstant.com
chelseavictorioustravels.com
esrfy.xyz
frijolitoswey.com
zsfsidltd.com
natashasadler.com
kice1.xyz
drivemytrains.xyz
shopalthosa.xyz
merendri.com
yetkiliveznem7.xyz
milestonesconstruction.com
apparodeoexpos.com
momotou.xyz
chatkhoneh.com
cacconsults.com
kigif-indonesia.com
segurambiental.com
verynicegirls.com
curearrow.com
fdupcoffee.com
theclevergolfers.com
moushimonster.com
qdchuangyedaikuan.com
hopefortodayrecovery.com
wk6agoboyxg6.xyz
giybetfm.com
completedn.xyz
eluawastudio.com
legacysportsusatexas.com
comgmaik.com
intelsearchtech.com
northpierangling.info
Targets
- Target: INVOICEKOMB20220001-03-10-22.pdf.exe
- Size: 1.2MB
- MD5: cbe324036a077d5b84d4c22788ff0027
- SHA1: 5526abc6eb697c083d3071bd5b6cf8fb67f617af
- SHA256: 67e6fd61e128d5649045a4fc55fc6c287722b5c92e65eef35ce0838d6210d901
- SHA512: dd81a4fb9c160d96c9443e0e310c203f79573a71c54d404a0ada191d2d6224f440c899482df8d06a1ea871a98ae3e9c3e40d606b127be33478ed1d8afb955896
- SSDEEP: 24576:0AOcZ2i7W4sb3Vm6XYbh1GIoQHXehUcztVqEubl83o9Zkbg5:iv5EKhQOKWfqEUU2ZkM
- Signatures:
  - Formbook payload
  - Executes dropped EXE
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
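The report above lists the file digests and the extracted Formbook domain list in a flattened key/value layout. The following is an added example, not part of the sandbox report or of any Triage or Formbook tooling, that turns such a report into a file-hash match and one Suricata DNS rule per configured domain. The REPORT excerpt is constructed from this page (three of the listed domains, two of the digests), and the SID range and rule wording are assumptions of the example. Because Formbook configs mix decoys with the live C2, each rule is an alert on an indicator, not a confirmation of a C2 server.

```python
"""Turn a Triage-style text report into actionable IOCs (added example)."""
import hashlib
import re

# Constructed excerpt in the same layout as the report on this page.
REPORT = """\
General
-
Target
INVOICEKOMB20220001-03-10-22.pdf.exe
-
MD5
cbe324036a077d5b84d4c22788ff0027
-
SHA256
67e6fd61e128d5649045a4fc55fc6c287722b5c92e65eef35ce0838d6210d901
Malware Config
Extracted
formbook
4.1
mh76
healthgovcalottery.net
wenxinliao.com
xn--agroisleos-09a.com
Targets
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Hostname syntax only; punycode labels such as xn--... are allowed.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z0-9-]{2,63}$")


def parse_report(text):
    """Extract target name, digests and the extracted config from report text."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]  # "-" lines are list residue
    out = {"target": None, "hashes": {}, "family": None,
           "version": None, "campaign": None, "domains": []}
    i = 0
    while i < len(lines):
        key = lines[i]
        nxt = lines[i + 1] if i + 1 < len(lines) else None
        if key == "Target" and nxt and out["target"] is None:
            out["target"] = nxt
            i += 2
        elif key in HASH_LEN and nxt:
            # Accept only a hex digest of the right length for that algorithm.
            if re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[key], nxt.lower()):
                out["hashes"][key.lower()] = nxt.lower()
            i += 2
        elif key == "Extracted" and len(lines) > i + 3:
            # Layout used by the report: family, version, campaign id, then
            # one domain per line until the next section heading (no dot).
            out["family"], out["version"], out["campaign"] = lines[i + 1:i + 4]
            i += 4
            while i < len(lines) and DOMAIN_RE.match(lines[i].lower()):
                out["domains"].append(lines[i].lower())
                i += 1
        else:
            i += 1
    return out


def suricata_dns_rules(iocs, base_sid=9000001):
    """One Suricata DNS-query rule per configured domain (SID range assumed free)."""
    rules = []
    for n, dom in enumerate(iocs["domains"]):
        rules.append(
            "alert dns $HOME_NET any -> any any "
            f'(msg:"{iocs["family"]} {iocs["campaign"]} config domain {dom}"; '
            f'dns.query; content:"{dom}"; nocase; endswith; '
            f"sid:{base_sid + n}; rev:1;)"
        )
    return rules


def file_digests(data):
    """Digest the bytes once per algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_sample(data, iocs):
    """Return the strongest report digest that `data` matches, or None.

    Strong algorithms are checked first; an MD5-only hit is reported but is
    weak evidence on its own because MD5 collisions are practical."""
    digests = file_digests(data)
    for name in ("sha512", "sha256", "sha1", "md5"):
        if iocs["hashes"].get(name) == digests[name]:
            return name
    return None


if __name__ == "__main__":
    iocs = parse_report(REPORT)
    print(iocs["target"], iocs["hashes"]["sha256"])
    print("\n".join(suricata_dns_rules(iocs)))
    print(match_sample(b"not the sample", iocs))
```

Feed it the full report text (including the whole domain list) to get one rule per domain; the `dns.query` sticky buffer with `endswith` also matches lookups for subdomains of each configured name.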